Posted to issues@hugegraph.apache.org by "shbone (via GitHub)" <gi...@apache.org> on 2024/03/06 06:45:22 UTC

[PR] doc: add security page and description [incubator-hugegraph-doc]

shbone opened a new pull request, #332:
URL: https://github.com/apache/incubator-hugegraph-doc/pull/332

   - add Security Report page and short description
   - add security report guideline in contribution


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@hugegraph.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@hugegraph.apache.org
For additional commands, e-mail: issues-help@hugegraph.apache.org


Re: [PR] doc: add security page and description [incubator-hugegraph-doc]

Posted by "shbone (via GitHub)" <gi...@apache.org>.
shbone commented on PR #332:
URL: https://github.com/apache/incubator-hugegraph-doc/pull/332#issuecomment-1982160126

   > Could u paste/show the screenshot in PR comment info?
   > 
   > Also sync the EN doc after the CN done
   -  add security guide page 
   ![image](https://github.com/apache/incubator-hugegraph-doc/assets/57407733/2d19c33c-e237-4b65-87f5-d6ba65f2a489)
   
   - security report page EN version
   ![image](https://github.com/apache/incubator-hugegraph-doc/assets/57407733/588fcfc8-959c-496e-91ba-6ab44ccd9ffa)
   
   - security report page CN version
   ![image](https://github.com/apache/incubator-hugegraph-doc/assets/57407733/15d7d98d-5ee3-45c5-81c0-6ca2ce835c7f)
   




Re: [PR] doc: add security page and description [incubator-hugegraph-doc]

Posted by "shbone (via GitHub)" <gi...@apache.org>.
shbone commented on PR #332:
URL: https://github.com/apache/incubator-hugegraph-doc/pull/332#issuecomment-1980719820

   - [ ] add the security option to community secondary menu 




Re: [PR] doc: add security page and description [incubator-hugegraph-doc]

Posted by "imbajin (via GitHub)" <gi...@apache.org>.
imbajin commented on code in PR #332:
URL: https://github.com/apache/incubator-hugegraph-doc/pull/332#discussion_r1514116775


##########
content/cn/docs/guides/security.md:
##########
@@ -0,0 +1,22 @@
+---
+title: "报告安全问题"
+linkTitle: "安全公告"
+weight: 6
+---
+
+## 报告Apache HugeGraph的安全问题
+
+Apache软件基金会对消除其产品中的安全问题和拒绝服务攻击持非常积极的态度。
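
Review bot: The front matter sets `linkTitle: "安全公告"` (security advisories) while `title` and the H2 are about reporting security issues, so the menu entry promises a list of advisories that the page does not contain. Use the same wording for both, for example `linkTitle: "报告安全问题"`, or keep "安全公告" for a page that actually lists published advisories.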

Review Comment:
   ```suggestion
   遵循 ASF 的规范, HugeGraph 社区对**解决修复**项目中的安全问题保持非常积极和开放的态度。
   ```



##########
content/cn/docs/guides/security.md:
##########
@@ -0,0 +1,22 @@
+---
+title: "报告安全问题"
+linkTitle: "安全公告"
+weight: 6
+---
+
+## 报告Apache HugeGraph的安全问题
+
+Apache软件基金会对消除其产品中的安全问题和拒绝服务攻击持非常积极的态度。
+
+我们强烈建议用户首先向我们的私人安全邮件列表报告此类问题,然后再在公共论坛中披露。
+
+请注意,安全邮件列表仅用于报告未公开的安全漏洞并管理解决此类漏洞的过程。我们无法接受常规的错误报告或其他查询。所有发送到此地址的与我们源代码中未公开的安全问题无关的邮件将被忽略。
+
+私人安全邮件地址为: security@hugegraph.apache.org
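
Review bot: The last line gives the reporting address as bare text and calls it "私人安全邮件地址", while the two paragraphs above say "私人安全邮件列表" and "安全邮件列表". "私人" reads as someone's personal mailbox; pick one term for the private list and use it in all three places, and mark the address up (inline code or a `mailto:` link) so the renderer does not reflow or alter it.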

Review Comment:
   ```suggestion
   独立的安全邮件(组)地址为: `security@hugegraph.apache.org` 
   ```
   
   You could also use a `mailto` link here to open the local mail client automatically, though it is optional



##########
content/cn/docs/guides/security.md:
##########
@@ -0,0 +1,22 @@
+---
+title: "报告安全问题"
+linkTitle: "安全公告"
+weight: 6
+---
+
+## 报告Apache HugeGraph的安全问题
+
+Apache软件基金会对消除其产品中的安全问题和拒绝服务攻击持非常积极的态度。
+
+我们强烈建议用户首先向我们的私人安全邮件列表报告此类问题,然后再在公共论坛中披露。
+
+请注意,安全邮件列表仅用于报告未公开的安全漏洞并管理解决此类漏洞的过程。我们无法接受常规的错误报告或其他查询。所有发送到此地址的与我们源代码中未公开的安全问题无关的邮件将被忽略。
+
+私人安全邮件地址为: security@hugegraph.apache.org
+
+漏洞处理流程概述如下:
+
+- 报告人私下向Apache报告漏洞
+- 适当的项目安全团队与报告人私下合作解决漏洞
+- 项目创建一个新版本的受漏洞影响的软件包,以提供修复程序
+- 项目公开宣布漏洞并描述如何应用修复程序
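
Review bot: In the process list, the first step says the reporter reports "向Apache", but the page has just given the project's own address, security@hugegraph.apache.org; name that list in the step so the reader is not left choosing between two destinations. The steps also never say what a report should include (affected version, reproduction steps, impact), and the last step does not say where the public announcement will appear.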

Review Comment:
   ```suggestion
   安全漏洞处理大体流程如下:
   
   - 报告人私下向 Apache HugeGraph SEC 邮件组报告漏洞 (尽可能包括复现的版本/相关说明/复现方式/影响范围等)
   - HugeGraph 项目安全团队与报告人私下合作/商讨漏洞解决方案 (初步确认后可申请 `CVE` 编号予以登记)
   - 项目创建一个新版本的受漏洞影响的软件包,以提供修复程序
   - 合适的时间可公开漏洞的大体问题 & 描述如何应用修复程序 (遵循 ASF 规范, 公告中不应携带复现细节等敏感信息)
   - 正式的 CVE 发布及相关流程同 ASF-SEC 页面
   ```



##########
content/cn/docs/guides/security.md:
##########
@@ -0,0 +1,22 @@
+---
+title: "报告安全问题"
+linkTitle: "安全公告"
+weight: 6
+---
+
+## 报告Apache HugeGraph的安全问题
+
+Apache软件基金会对消除其产品中的安全问题和拒绝服务攻击持非常积极的态度。
+
+我们强烈建议用户首先向我们的私人安全邮件列表报告此类问题,然后再在公共论坛中披露。
+
+请注意,安全邮件列表仅用于报告未公开的安全漏洞并管理解决此类漏洞的过程。我们无法接受常规的错误报告或其他查询。所有发送到此地址的与我们源代码中未公开的安全问题无关的邮件将被忽略。
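
Review bot: The paragraph ending this hunk says ordinary bug reports and other queries are not accepted and that unrelated mail "将被忽略", but it names no other channel. State where regular bugs and questions should go; otherwise people with a non-security problem will still write to the security address and get no reply.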

Review Comment:
   ```suggestion
   请注意,安全邮件组适用于报告**未公开**的安全漏洞并跟进漏洞处理的过程。常规的软件 `Bug/Error` 报告应该使用 `Github Issue/Discussion` 或是 `HugeGraph-Dev` 邮箱组。发送到安全邮件组但与安全问题无关的邮件将被忽略。
   ```



##########
content/cn/docs/guides/security.md:
##########
@@ -0,0 +1,22 @@
+---
+title: "报告安全问题"
+linkTitle: "安全公告"
+weight: 6
+---
+
+## 报告Apache HugeGraph的安全问题
+
+Apache软件基金会对消除其产品中的安全问题和拒绝服务攻击持非常积极的态度。
+
+我们强烈建议用户首先向我们的私人安全邮件列表报告此类问题,然后再在公共论坛中披露。
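
Review bot: The last sentence asks users to report privately "然后再在公共论坛中披露", which reads as if public disclosure is the reporter's next step once the mail is sent. Say when public disclosure is appropriate relative to a fix being available, and link the process document the project follows so the timing is not left open.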

Review Comment:
   ```suggestion
   我们强烈建议用户首先向我们的独立安全邮件列表报告此类问题,相关详细的流程规范请参考 [ASF SEC](https://www.apache.org/security/committers.html) 守则。
   ```





Re: [PR] doc: add security page and description [incubator-hugegraph-doc]

Posted by "imbajin (via GitHub)" <gi...@apache.org>.
imbajin merged PR #332:
URL: https://github.com/apache/incubator-hugegraph-doc/pull/332




Re: [PR] doc: add security page and description [incubator-hugegraph-doc]

Posted by "imbajin (via GitHub)" <gi...@apache.org>.
imbajin commented on code in PR #332:
URL: https://github.com/apache/incubator-hugegraph-doc/pull/332#discussion_r1515645092


##########
content/cn/docs/guides/security.md:
##########
@@ -0,0 +1,23 @@
+---
+title: "报告安全问题"
+linkTitle: "安全公告"
+weight: 6
+---
+
+## 报告Apache HugeGraph的安全问题
+
+遵循 ASF 的规范, HugeGraph 社区对**解决修复**项目中的安全问题保持非常积极和开放的态度。
+
+我们强烈建议用户首先向我们的独立安全邮件列表报告此类问题,相关详细的流程规范请参考 [ASF SEC](https://www.apache.org/security/committers.html) 守则。
+
+请注意,安全邮件组适用于报告**未公开**的安全漏洞并跟进漏洞处理的过程。常规的软件 `Bug/Error` 报告应该使用 `Github Issue/Discussion` 或是 `HugeGraph-Dev` 邮箱组。发送到安全邮件组但与安全问题无关的邮件将被忽略。
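
Review bot: The sentence addressed to users ("我们强烈建议用户…") links to https://www.apache.org/security/committers.html, which is the ASF page written for committers handling a report; reporters are better served by https://www.apache.org/security/. In the last paragraph, `Github` should be spelled `GitHub`, and the three channels are only named in backticks, so add the actual links or the list address so readers can reach them.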

Review Comment:
   ```suggestion
   请注意,安全邮件组适用于报告**未公开**的安全漏洞并跟进漏洞处理的过程。常规的软件 `Bug/Error` 报告应该使用 `Github Issue/Discussion` 或是 `HugeGraph-Dev` 邮箱组, 发送到安全邮件组但与安全问题无关的邮件将被忽略。
   ```


